[Catalog-sig] bad package that's fishing bitbucket emails

Michael Foord michael at voidspace.org.uk
Thu Mar 29 13:06:32 CEST 2012


On 29 Mar 2012, at 12:04, Yuval Greenfield wrote:

> I really dislike this tomfoolery with bitbucket, you can see that jgrid.org is also a DNS redirection or something. It's bad security practice by bitbucket to allow this imo.
> 
> Users should be trained for consistent address bars with HTTPS only, not all these useless copies with strange URLs.
> 


That's not relevant as to whether or not the package in question should be removed from PyPI though.

Michael

> Yuval
> 
> On Thu, Mar 29, 2012 at 12:56 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> M.-A. Lemburg wrote:
> > Michael Foord wrote:
> >> Hello mt,
> >>
> >> It doesn't appear to be a clone, but embedding bitbucket - and the Python package *seems* genuine.
> >
> > The site hosts an illegal copy of the bitbucket site and redirects the logins
> > not to bitbucket, but to the code.thejeshgn.com:
> >
> > http://code.thejeshgn.com/account/signin/
> >
> > Needless to mention that the login info is sent in clear as well...
> >
> > I think we should inform Atlassian about this.
> 
> Looks like he cloned bitbucket for all his bitbucket repos:
> 
> http://code.thejeshgn.com/
> 
> and happily proxies requests through his site.
> 
> >> The correct place to report issues with pypi is the tracker (no-one on this webmaster alias is involved in the administration of pypi):
> >>
> >>      http://sourceforge.net/tracker/?group_id=66150&atid=513503
> >>
> >> For *discussing* PyPI issues, which seems wise for this particular question, the catalog-sig email list is the right place:
> >>
> >>      http://www.python.org/community/sigs/current/catalog-sig/
> >>
> >> I've copied them in on this email
> >>
> >> All the best,
> >>
> >> Michael Foord
> >>
> >> On 29 Mar 2012, at 11:15, m t wrote:
> >>
> >>> hi,
> >>> this package in pypi doesn't redirect to bitbucket, but a cloned site that fishes bitbucket emails:
> >>> http://pypi.python.org/pypi/Octopoda/.0.1
> >>>
> >>> might want to look into it,
> >>> mt
> >>>
> >>
> >>
> >> --
> >> http://www.voidspace.org.uk/
> >>
> >>
> >> May you do good and not evil
> >> May you find forgiveness for yourself and forgive others
> >> May you share freely, never taking more than you give.
> >> -- the sqlite blessing
> >> http://www.sqlite.org/different.html
> >>
> >> _______________________________________________
> >> Catalog-SIG mailing list
> >> Catalog-SIG at python.org
> >> http://mail.python.org/mailman/listinfo/catalog-sig
> >
> 
> --
> Marc-Andre Lemburg
> eGenix.com
> 
> 


--
http://www.voidspace.org.uk/


May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing 
http://www.sqlite.org/different.html






